PT-2015-5903 · RC4+8

Itsik Mantin · Published 2015-03-31 · Updated 2026-05-28 · CVE-2015-2808

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

RC4 (affected versions not specified)

Description

The RC4 algorithm, used in the TLS and SSL protocols, does not properly combine state data with key data during the initialization phase. This weakness, known as the Invariance Weakness, allows remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by capturing network traffic that relies on affected keys. The attackers can then use a brute-force approach involving LSB values to obtain plaintext data. This issue is also referred to as the "Bar Mitzvah" problem.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CESA-2015_1228
CESA-2015_1229
CESA-2015_1526
CVE-2015-2808
DLA-303-1
DSA-3316-1
DSA-3339-1
HPSBUX03512
MGASA-2015-0277
MGASA-2015-0280
OPENSUSE-SU-2015_1288-1
OPENSUSE-SU-2015_1289-1
OPENSUSE-SU-2024:10197-1
OPENSUSE-SU-2024:10534-1
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1021
RHSA-2015:1091
RHSA-2015:1228
RHSA-2015:1229
RHSA-2015:1230
RHSA-2015:1241
RHSA-2015:1242
RHSA-2015:1243
RHSA-2015:1526
RHSA-2015_1006
RHSA-2015_1020
RHSA-2015_1021
RHSA-2015_1228
RHSA-2015_1229
RHSA-2015_1230
RHSA-2015_1241
RHSA-2015_1242
RHSA-2015_1243
RHSA-2015_1526
SUSE-SU-2015:1073-1
SUSE-SU-2015:1161-1
SUSE-SU-2015:1319-1
SUSE-SU-2015:1320-1
SUSE-SU-2015:1329-1
SUSE-SU-2015:1331-1
SUSE-SU-2015:1345-1
SUSE-SU-2015:1375-1
SUSE-SU-2015:1509-1
SUSE-SU-2015:2166-1
SUSE-SU-2015:2192-1
USN-2696-1
USN-2706-1

Affected Products

CentOS
HP-UX
Huawei VRP
IBM AIX
Java Platform
RC4
Red Hat
SUSE
Ubuntu